Security

Cisco Identity Services Engine (ISE) is commonly associated with use as a network access policy, BYOD and AAA platform. But to do its job in network policy, ISE collects a great breadth of telemetry about network users and devices. Whether a device is trying to access the network or is already conne…

The Cisco 2015 Annual Security Report highlights many creative techniques that attackers are exploiting to conceal malicious activity, often taking advantage of gaps in security programs. They are continually refining and developing new techniques to gain a foothold in environments and, increasingly…

To help kick off 2015 with new insights in the world of attackers, users, and defenders, we analyzed a significant amount of 2014 security data telemetry from our global customer footprint. We took this data and distilled it into a comprehensive report for you to leverage and are proud to announce t…

New year predictions generally take one of several forms: broad generalizations about multi-year trends, guesses about what might happen, or overviews of recent events disguised as predictions. The first is too easy, the second—going out on a limb—risks missing the mark so badly as to be useless. So…

IT-Harvest, founded by renowned security expert and industry analyst Richard Stiennon, provides reports, analysis, and advisory services on trends in emerging threats and the technology to counter them. Richard Stiennon is one of the most followed and well-respected IT security analysts and authors…

The Common Vulnerability Scoring System (CVSS) Special Interest Group (SIG), in which Cisco is an active participant, acting on behalf of FIRST.org, has published a preview of the upcoming CVSS v3.0 scoring standard.  The CVSS v3.0 preview represents a near final version and includes metric and vect…

In 2013, our internal Information Security team carried out a series of controlled anti-phishing exercises. The purpose was to raise employees’ awareness of potential spear phishing attacks through emails. Spear phishing has been a common first step for Advanced Persistent Threat (APT) attacks…

Editor’s Note: In the two previous blogs, we discussed some of the issues and dilemmas found within information security knowledge and practice domains. Those challenges arise fundamentally from the traditional approach that many organizations have adopted to address information security requi…

Chances are you might be reading this blogpost on a device other than a laptop or desktop computer.  I’d also wager that the device you’re using to read this post handles double-duty – that is, you use it for both work (e.g., checking email, reviewing confidential documents) and play (e.g., Vine, Fl…